Re: client query logging (refused message)

2009-02-23 Thread Mark Andrews

In message ,
 asd...@gmail.com writes:
> 62.109.4.89 and 195.68.176.4 are compromised/attackers

Actually they are more likely to be under attack.

Make sure that you (and your ISP) have deployed the measures
in BCP 38 to ensure that you are not the source of such an
attack.

Mark
 
> See my post here: http://www.linuxforums.org/forum/redhat-fedora-linux-help/140848-var-log-messages-question.html
> 
> Sample log entries:
> Feb 19 08:24:17 asdlkf named[6459]: client 62.109.4.89#32721: query (cache) './NS/IN' denied
> Feb 19 08:24:18 asdlkf named[6459]: client 195.68.176.4#25853: query (cache) './NS/IN' denied
> Frequency: 40 to 90 queries from those hosts per minute.
> 
> -- Chris
> 
> 
> 
> On Feb 17, 2:19 pm, JINMEI Tatuya / 神明達哉 wrote:
> > At Tue, 17 Feb 2009 08:15:39 -0500,
> >
> > Matthew Huff  wrote:
> > > 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
> > > ...
> >
> > > logged, and I have verified that the query is refused, but nothing in the
> > > log shows that it was refused. Is there any way to log the success/failure of
> > > the queries?
> >
> > Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
> > will provide a new logging category that can log the information you
> > seem to want:
> >
> > 17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) for ./IN/NS at query.c:3887
> >
> > ---
> > JINMEI, Tatuya
> > Internet Systems Consortium, Inc.
> > ___
> > bind-users mailing list
> > bind-us...@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org
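
An added example, not part of the original messages: a Python tally of the refused-query lines quoted in this thread, per client and per minute, with the 40-per-minute low end of the reported rate as an assumed threshold. The sample lines, the host name ns1 and the 192.0.2.10 / 198.51.100.7 addresses are constructed, and only the two line formats quoted above are recognised. As the reply above notes, a flagged address is more likely to be the one under attack.

```python
import re
from collections import Counter

# Shared tail of both formats: client address, source port, optional view name.
IP = r"(?P<ip>[0-9A-Fa-f.:]+)#\d+:\s(?:view\s\S+:\s)?"
PATTERNS = [
    # syslog: Feb 19 08:24:17 host named[6459]: client IP#port: query (cache) './NS/IN' denied
    re.compile(r"(?P<minute>\w{3}\s+\d+\s\d\d:\d\d):\d\d\s\S+\snamed\[\d+\]:\sclient\s"
               + IP + r"query\s\(cache\)\s'[^']+'\sdenied"),
    # file channel: 17-Feb-2009 14:15:45.998 debug 3: client IP#port: query failed (REFUSED) for ...
    re.compile(r"(?P<minute>\d\d-\w{3}-\d{4}\s\d\d:\d\d):\d\d\.\d+\s.*?client\s"
               + IP + r"query\sfailed\s\(REFUSED\)\sfor\s\S+\sat\s"),
]

def refused_peaks(lines):
    """Return {client_ip: highest number of refused queries seen in one minute}."""
    per_minute = Counter()
    for line in lines:
        for pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                per_minute[(m["ip"], m["minute"])] += 1
                break
    peaks = {}
    for (ip, _minute), count in per_minute.items():
        peaks[ip] = max(peaks.get(ip, 0), count)
    return peaks

def noisy_clients(lines, threshold=40):
    """Clients whose one-minute peak reaches the threshold (assumed value: 40,
    the low end of the rate reported in the thread)."""
    return {ip: n for ip, n in refused_peaks(lines).items() if n >= threshold}

def constructed_sample():
    """Constructed log lines (documentation addresses, made-up host name)."""
    fmt = ("Feb 19 08:{m:02d}:{s:02d} ns1 named[6459]: client {ip}#{port}: "
           "query (cache) './NS/IN' denied")
    lines = [fmt.format(m=24, s=s, ip="192.0.2.10", port=32000 + s) for s in range(45)]
    lines += [fmt.format(m=25, s=s, ip="192.0.2.10", port=33000 + s) for s in range(10)]
    lines += [fmt.format(m=24, s=s, ip="198.51.100.7", port=25000 + s) for s in range(3)]
    lines.append("17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: "
                 "query failed (REFUSED) for ./IN/NS at query.c:3887")
    lines.append("Feb 19 08:24:59 ns1 named[6459]: zone example.com/IN: loaded serial 1")
    return lines

if __name__ == "__main__":
    for ip, peak in sorted(noisy_clients(constructed_sample()).items()):
        # UDP source addresses can be forged, so a flagged address may be the victim.
        print(f"{ip}: {peak} refused queries in one minute")
```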


Re: client query logging (refused message)

2009-02-23 Thread asdlkf
62.109.4.89 and 195.68.176.4 are compromised/attackers

See my post here: http://www.linuxforums.org/forum/redhat-fedora-linux-help/140848-var-log-messages-question.html

Sample log entries:
Feb 19 08:24:17 asdlkf named[6459]: client 62.109.4.89#32721: query (cache) './NS/IN' denied
Feb 19 08:24:18 asdlkf named[6459]: client 195.68.176.4#25853: query (cache) './NS/IN' denied
Frequency: 40 to 90 queries from those hosts per minute.

-- Chris



On Feb 17, 2:19 pm, JINMEI Tatuya / 神明達哉 
wrote:
> At Tue, 17 Feb 2009 08:15:39 -0500,
>
> Matthew Huff  wrote:
> > 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
> > ...
>
> > logged, and I have verified that the query is refused, but nothing in the
> > log shows that it was refused. Is there any way to log the success/failure of
> > the queries?
>
> Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
> will provide a new logging category that can log the information you
> seem to want:
>
> 17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) for ./IN/NS at query.c:3887
>
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.


Re: client query logging (refused message)

2009-02-17 Thread JINMEI Tatuya / 神明達哉
At Tue, 17 Feb 2009 08:15:39 -0500,
Matthew Huff  wrote:

> 17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
> ...
> 
> logged, and I have verified that the query is refused, but nothing in the
> log shows that it was refused. Is there any way to log the success/failure of
> the queries?

Not yet, but BIND 9.7 (and perhaps next minor versions of 9.6 and 9.5)
will provide a new logging category that can log the information you
seem to want:

17-Feb-2009 14:15:45.998 debug 3: client ::1#50076: query failed (REFUSED) for ./IN/NS at query.c:3887

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.


client query logging (refused message)

2009-02-17 Thread Matthew Huff

In my logging global section I have:

logging {

    channel audit_log {
        file "/var/log/named_audit.log" versions 128 size 4m;
        severity debug;
        print-time yes;
        print-category yes;
    };

    ...
    category client { audit_log; };
    ...
};

and I get:
...
17-Feb-2009 08:14:17.376 queries: client 62.109.4.89#49464: view external-in: query: . IN NS +
...

logged, and I have verified that the query is refused, but nothing in the
log shows that it was refused. Is there any way to log the success/failure of
the queries?



Matthew Huff   | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139

